Senior Security Architect
Halian Technology Limited
Job details
A leading fintech client of mine is looking for an Enterprise Security Architect. Developing a comprehensive security strategy is a core responsibility. This strategy should align with business objectives while ensuring resilience against evolving cyber threats.

Responsibilities & The Role:

Security Strategy & Roadmap
Define the long-term security strategy, aligning it with business goals, IT strategy, and regulatory requirements. Develop a multi-year security roadmap that includes investments in cybersecurity technologies, processes, and capabilities.

Security Architecture Framework
Establish an enterprise security architecture framework (e.g., SABSA, TOGAF, Zero Trust). Define security reference architectures for network security, cloud security, application security, and endpoint security. Implement Zero Trust Architecture (ZTA) principles, including identity-centric security, least privilege access, and continuous verification. Conduct cyber risk assessments to identify vulnerabilities and assess risks using methodologies like NIST Risk Management Framework (RMF), FAIR Model, or ISO 27005.

Security Governance & Compliance
Develop security policies, standards, and guidelines that enforce regulatory compliance (e.g., ISO 27001, NIST, GDPR, PCI DSS, SOC 2). Establish governance structures, including Security Steering Committees to oversee cybersecurity programs. Ensure audit readiness and facilitate security audits and certifications. Embed security into Enterprise Architecture (EA) by working with IT, DevOps, and engineering teams. Develop secure-by-design principles that integrate security in cloud, application, and infrastructure designs. Promote DevSecOps to shift security left in the software development lifecycle (SDLC).

Threat Intelligence & Cyber Resilience
Implement a Threat Intelligence Program to proactively identify emerging cyber threats and attack trends. Establish a Cyber Resilience Strategy, including business continuity (BCP) and disaster recovery (DR) planning.

Security Awareness & Culture
Foster a security-first culture by developing awareness programs and security training for employees, developers, and leadership. Conduct phishing simulations, secure coding training, and executive-level cybersecurity briefings.

Continuous Improvement & Security Metrics
Define Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure security effectiveness. Leverage security automation and AI-driven analytics to enhance threat detection and response.

Must have / Nice to have:
The ability to be hands-on.
Ideally you will be familiar with working on projects from scratch, taking on responsibility from the start.
The ideal candidate would have worked for small to medium size businesses at some point or be comfortable making key decisions and being accountable for the strategy of decisions made.

There is a 2-3 stage interview process, with 3 days a week expected on my client's site in London. Apply now to be considered.